Models and termination of proof-reduction in the $\lambda\Pi$-calculus modulo theory


Gilles Dowek


Abstract 

We define a notion of model for the $\lambda\Pi$-calculus modulo theory, a notion of super-consistent theory, and prove that proof-reduction terminates in the $\lambda\Pi$-calculus modulo a super-consistent theory. We prove this way the termination of proof-reduction in two theories in the $\lambda\Pi$-calculus modulo theory, and their consistency: an embedding of Simple type theory and an embedding of the Calculus of constructions.


1 Introduction 

1.1 Models and algebras 

In Predicate logic and in Deduction modulo theory [?], a model is defined by a set $\mathcal{M}$, the domain of the model, a set $\mathcal{B}$ of truth values, and a function, parametrized by a valuation $\phi$, mapping each term $t$ to an element $[\![t]\!]_\phi$ of $\mathcal{M}$, and each proposition $A$ to an element $[\![A]\!]_\phi$ of $\mathcal{B}$.

In the usual definition of the notion of model, the set $\mathcal{B}$ is a two-element set $\{0, 1\}$, but this notion can be extended to a notion of many-valued model, where $\mathcal{B}$ is an arbitrary Boolean algebra, a Heyting algebra, a pre-Boolean algebra [1], or a pre-Heyting algebra [1]. Boolean algebras make it possible to introduce intermediate truth values for propositions that are neither provable nor disprovable, Heyting algebras make it possible to consider models where the excluded middle is not necessarily valid, that is models of constructive Predicate logic, and pre-Boolean and pre-Heyting algebras, where the order $\leq$ is replaced by a pre-order relation, make it possible to distinguish a notion of weak equivalence: for all valuations $\phi$, ($[\![A]\!]_\phi \leq [\![B]\!]_\phi$ and $[\![B]\!]_\phi \leq [\![A]\!]_\phi$), from a notion of strong equivalence: for all valuations $\phi$, $[\![A]\!]_\phi = [\![B]\!]_\phi$. The first corresponds to the provability of $A \Leftrightarrow B$ and the second to the congruence defining the computational equality in Deduction modulo theory [?], also known as definitional equality in Constructive type theory [?].

In a model valued in a Boolean algebra, a Heyting algebra, a pre-Boolean algebra, or a pre-Heyting algebra, a proposition $A$ is valid when it is weakly equivalent to the proposition $\top$, that is when for all valuations $\phi$, $[\![A]\!]_\phi \geq \tilde{\top}$, and this condition boils down to $[\![A]\!]_\phi = \tilde{\top}$ in Boolean and Heyting algebras. A congruence $\equiv$ defined on propositions is valid when for all $A$ and $B$ such that $A \equiv B$, $A$ and $B$ are strongly equivalent, that is for all valuations $\phi$, $[\![A]\!]_\phi = [\![B]\!]_\phi$. Note that the relation $\leq$ is used in the definition of the validity of a proposition, but not in the definition of the validity of a congruence.

1.2 Termination of proof-reduction 

Proof-reduction terminates in Deduction modulo a theory defined by a set of axioms $\Gamma$ and a congruence $\equiv$, if this theory has a model valued in the pre-Heyting algebra of reducibility candidates [?]. As a consequence, proof-reduction terminates if the theory is super-consistent, that is if for all pre-Heyting algebras $\mathcal{B}$, it has a model valued in $\mathcal{B}$.

For the termination of proof-reduction, the congruence matters, but the axioms do not. Thus, the pre-order relation $\leq$ is immaterial in the algebra of reducibility candidates and it is possible to define it as the trivial relation such that $C \leq C'$ for all $C$ and $C'$, which is a pre-order, but not an order. Such a pre-Heyting algebra is said to be trivial. As the pre-order is degenerate, all the conditions defining pre-Heyting algebras, such as $a \wedge b \leq a$, $a \wedge b \leq b$, etc. are always satisfied in a trivial pre-Heyting algebra, and a trivial pre-Heyting algebra is just a set equipped with arbitrary operations $\wedge$, etc. Thus, in order to prove that proof-reduction terminates in Deduction modulo a theory defined by a set of axioms $\Gamma$ and a congruence $\equiv$, it is sufficient to prove that for all trivial pre-Heyting algebras $\mathcal{B}$, the theory has a model valued in $\mathcal{B}$.

1.3 Models of the $\lambda\Pi$-calculus modulo theory

In Deduction modulo theory, like in Predicate logic, terms, propositions, and proofs belong to three distinct languages. But, it is also possible to consider a single language, such as the $\lambda\Pi$-calculus modulo theory [3], which is implemented in the Dedukti system [?] or Martin-Löf's Logical Framework [?], and express terms, propositions, and proofs, in this language. For instance, in Deduction modulo theory, $0$ is a term, $P(0) \Rightarrow P(0)$ is a proposition and $\lambda \alpha : P(0)\ \alpha$ is a proof of this proposition. In the $\lambda\Pi$-calculus modulo theory, all these expressions are terms of the calculus. Only their types differ: $0$ has type $nat$, $P(0) \Rightarrow P(0)$ has type $\mathit{Type}$ and $\lambda \alpha : P(0)\ \alpha$ has type $P(0) \to P(0)$.

The goal of this paper is to define a notion of model for the $\lambda\Pi$-calculus modulo theory, define a notion of super-consistent theory and prove that proof-reduction terminates in the $\lambda\Pi$-calculus modulo a super-consistent theory. We shall this way prove the termination of proof-reduction in two theories in the $\lambda\Pi$-calculus modulo theory: an embedding of Simple type theory [5] and an embedding of the Calculus of constructions [3] in the $\lambda\Pi$-calculus modulo theory.

1.4 Double interpretation 

Extending the notion of model to many-sorted Predicate logic requires to consider not just one domain $\mathcal{M}$, but a family of domains $\mathcal{M}_s$ indexed by the sorts of the theory, for instance, in a model of Simple type theory, the family of domains is indexed by Simple types. Then, to each term $t$ of sort $s$ is associated an element $[\![t]\!]_\phi$ of $\mathcal{M}_s$ and to each proposition $A$ an element $[\![A]\!]_\phi$ of $\mathcal{B}$.

In the $\lambda\Pi$-calculus modulo theory, the sorts also are just terms of the calculus. Thus, we shall define a model of the $\lambda\Pi$-calculus modulo theory by a family of sets $\mathcal{M}_t$ indexed by the terms of the calculus and a function mapping each term $t$ of type $A$ to an object $[\![t]\!]_\phi$ of $\mathcal{M}_A$. As propositions are just some terms of type $\mathit{Type}$, we shall require that $\mathcal{M}_{\mathit{Type}} = \mathcal{B}$, so that if $A$ is a proposition, then $[\![A]\!]_\phi$ is an element of $\mathcal{B}$.

1.5 Proof-reduction 

In Deduction modulo theory, it is possible to define a congruence with a set of rewrite rules that does not terminate, without affecting the termination of proof-reduction. For instance, consider the trivial set of rewrite rules $\mathcal{R}$ containing only the rule $c \to c$. Obviously, the congruence defined by this set of rewrite rules is the identity and proofs modulo this theory are just proofs in pure Predicate logic. Thus, proof-reduction in Deduction modulo this theory terminates. This means that in the $\lambda\Pi$-calculus modulo this theory, the $\beta$-reduction terminates. But the $\beta\mathcal{R}$-reduction does not terminate, as the $\mathcal{R}$-reduction alone does not terminate.

Thus, in this paper, we shall restrict ourselves to proving the termination of $\beta$-reduction, not $\beta\mathcal{R}$-reduction. In some cases the termination of the $\beta\mathcal{R}$-reduction is a simple corollary of the termination of the $\beta$-reduction. In some others it is not.


2 The $\lambda\Pi$-calculus modulo theory

2.1 The $\lambda\Pi$-calculus

Definition 2.1 (The syntax of the $\lambda\Pi$-calculus) The syntax of the $\lambda\Pi$-calculus is

$$t = x \mid \mathit{Type} \mid \mathit{Kind} \mid \Pi x : t\ t \mid \lambda x : t\ t \mid t\ t$$

As usual, we write $A \to B$ for $\Pi x : A\ B$ when $x$ does not occur in $B$.

The $\alpha$-equivalence relation is defined as usual and terms are identified modulo $\alpha$-equivalence. The relation $\beta$ (one step $\beta$-reduction at the root) is defined as usual.

As usual, if $r$ is a relation on terms, we write $\to_r$ for the subterm extension of $r$, $\to_r^+$ for the transitive closure of the relation $\to_r$, $\to_r^*$ for its reflexive-transitive closure, and $\equiv_r$ for its reflexive-symmetric-transitive closure.


Definition 2.2 (The typing rules of the $\lambda\Pi$-calculus) The typing rules of the $\lambda\Pi$-calculus are

$$\frac{}{[\,]\ \text{well-formed}}\ \text{Empty}
\qquad
\frac{\Gamma \vdash A : s}{\Gamma, x : A\ \text{well-formed}}\ \text{Declaration}\ (x \text{ not in } \Gamma)$$

$$\frac{\Gamma\ \text{well-formed}}{\Gamma \vdash \mathit{Type} : \mathit{Kind}}\ \text{Sort}
\qquad
\frac{\Gamma\ \text{well-formed}}{\Gamma \vdash x : A}\ \text{Variable}\ (x : A \in \Gamma)$$

$$\frac{\Gamma \vdash A : \mathit{Type} \qquad \Gamma, x : A \vdash B : s}{\Gamma \vdash \Pi x : A\ B : s}\ \text{Product}$$

$$\frac{\Gamma \vdash A : \mathit{Type} \qquad \Gamma, x : A \vdash B : s \qquad \Gamma, x : A \vdash t : B}{\Gamma \vdash \lambda x : A\ t : \Pi x : A\ B}\ \text{Abstraction}$$

$$\frac{\Gamma \vdash t : \Pi x : A\ B \qquad \Gamma \vdash u : A}{\Gamma \vdash (t\ u) : (u/x)B}\ \text{Application}$$

$$\frac{\Gamma \vdash A : s \qquad \Gamma \vdash B : s \qquad \Gamma \vdash t : A}{\Gamma \vdash t : B}\ \text{Conversion}\ (A \equiv_\beta B)$$

where in each rule $s$ is either $\mathit{Type}$ or $\mathit{Kind}$.

It can be proved that types are preserved by $\beta$-reduction, that $\beta$-reduction is confluent and strongly terminating and that each term has a unique type modulo $\beta$-equivalence [9].

Definition 2.3 (Object) A term $t$ is said to be an object in a context $\Gamma$, if $t$ has a type $A$, and $A$ has type $\mathit{Type}$.
2.2 The $\lambda\Pi$-calculus modulo theory

Recall that if $\Sigma$, $\Gamma$, and $\Delta$ are contexts, a substitution $\theta$, binding the variables declared in $\Gamma$, is said to be of type $\Gamma \rightsquigarrow \Delta$ in $\Sigma$ if for all $x$ declared of type $T$ in $\Gamma$, we have $\Sigma, \Delta \vdash \theta x : \theta T$. In this case, if $\Sigma, \Gamma \vdash u : U$, then $\Sigma, \Delta \vdash \theta u : \theta U$.

Definition 2.4 (Rewrite rule) A rewrite rule is a quadruple $l \to r, \Gamma, T$ where $\Gamma$ is a context and $l$, $r$, and $T$ are $\beta$-normal terms. Such a rule is said to be well-typed in the context $\Sigma$ if, in the $\lambda\Pi$-calculus, the context $\Sigma, \Gamma$ is well-formed and the terms $l$ and $r$ have type $T$ in this context.

If $\Sigma$ is a context, $l \to r, \Gamma, T$ is a rewrite rule well-typed in $\Sigma$ and $\theta$ is a substitution of type $\Gamma \rightsquigarrow \Delta$ in $\Sigma$, then the terms $\theta l$ and $\theta r$ both have type $\theta T$ in the context $\Sigma, \Delta$.

The relation $\mathcal{R}$ (one step $\mathcal{R}$-reduction at the root) is defined by: $t\ \mathcal{R}\ u$ if there exists a rewrite rule $l \to r, \Gamma, T$ and a substitution $\theta$ such that $t = \theta l$ and $u = \theta r$. The relation $\beta\mathcal{R}$ (one step $\beta\mathcal{R}$-reduction at the root) is the union of $\beta$ and $\mathcal{R}$.

Definition 2.5 (Theory) A theory is a pair formed with a context $\Sigma$, well-formed in the $\lambda\Pi$-calculus, and a set of rewrite rules $\mathcal{R}$, well-typed in $\Sigma$ in the $\lambda\Pi$-calculus.

The variables declared in $\Sigma$ are called constants rather than variables. They replace the sorts, the function symbols, the predicate symbols, and also the axioms of Predicate logic.

Definition 2.6 (The $\lambda\Pi$-calculus modulo theory) The $\lambda\Pi$-calculus modulo $\Sigma, \mathcal{R}$ is the extension of the $\lambda\Pi$-calculus obtained by modifying the Declaration and Variable rules to allow the use of constants as well as variables

$$\frac{\Gamma \vdash A : s}{\Gamma, x : A\ \text{well-formed}}\ \text{Declaration}\ (x \text{ not in } \Sigma, \Gamma)
\qquad
\frac{\Gamma\ \text{well-formed}}{\Gamma \vdash x : A}\ \text{Variable}\ (x : A \in \Sigma, \Gamma)$$

and by replacing the relation $\equiv_\beta$ by $\equiv_{\beta\mathcal{R}}$ in the Conversion rule

$$\frac{\Gamma \vdash A : s \qquad \Gamma \vdash B : s \qquad \Gamma \vdash t : A}{\Gamma \vdash t : B}\ \text{Conversion}\ (A \equiv_{\beta\mathcal{R}} B)$$

3 Examples of theories

3.1 Simple type theory

In [6], we have given a presentation of Simple type theory in Deduction modulo theory. This presentation can easily be adapted to the $\lambda\Pi$-calculus modulo theory.

Definition 3.1 (The language of Simple type theory)

$$\iota : \mathit{Type}$$
$$o : \mathit{Type}$$
$$\varepsilon : o \to \mathit{Type}$$
$$\Rightarrow\ : o \to o \to o$$
$$\forall_A : (A \to o) \to o$$

for a finite number of Simple types $A$, where Simple types are inductively defined by

• $\iota$ and $o$ are Simple types,

• if $A$ and $B$ are Simple types, then $A \to B$ is a Simple type.

Definition 3.2 (The rules of Simple type theory)

$$\varepsilon(\Rightarrow X\ Y) \to \varepsilon(X) \to \varepsilon(Y)$$
$$\varepsilon(\forall_A\ X) \to \Pi z : A\ \varepsilon(X\ z)$$

3.2 The Calculus of constructions

In [3], we have introduced an embedding of the Calculus of constructions [2] in the $\lambda\Pi$-calculus modulo theory.

Definition 3.3 (The language of the Calculus of constructions)

$$U_{\mathit{Type}} : \mathit{Type}$$
$$U_{\mathit{Kind}} : \mathit{Type}$$
$$\dot{\mathit{Type}} : U_{\mathit{Kind}}$$
$$\varepsilon_{\mathit{Type}} : U_{\mathit{Type}} \to \mathit{Type}$$
$$\varepsilon_{\mathit{Kind}} : U_{\mathit{Kind}} \to \mathit{Type}$$
$$\dot{\Pi}_{\langle \mathit{Type}, \mathit{Type}, \mathit{Type} \rangle} : \Pi X : U_{\mathit{Type}}\ (((\varepsilon_{\mathit{Type}}\ X) \to U_{\mathit{Type}}) \to U_{\mathit{Type}})$$
$$\dot{\Pi}_{\langle \mathit{Type}, \mathit{Kind}, \mathit{Kind} \rangle} : \Pi X : U_{\mathit{Type}}\ (((\varepsilon_{\mathit{Type}}\ X) \to U_{\mathit{Kind}}) \to U_{\mathit{Kind}})$$
$$\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Type}, \mathit{Type} \rangle} : \Pi X : U_{\mathit{Kind}}\ (((\varepsilon_{\mathit{Kind}}\ X) \to U_{\mathit{Type}}) \to U_{\mathit{Type}})$$
$$\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Kind}, \mathit{Kind} \rangle} : \Pi X : U_{\mathit{Kind}}\ (((\varepsilon_{\mathit{Kind}}\ X) \to U_{\mathit{Kind}}) \to U_{\mathit{Kind}})$$

Definition 3.4 (The rules of the Calculus of constructions)

$$\varepsilon_{\mathit{Kind}}(\dot{\mathit{Type}}) \to U_{\mathit{Type}}$$
$$\varepsilon_{\mathit{Type}}(\dot{\Pi}_{\langle \mathit{Type}, \mathit{Type}, \mathit{Type} \rangle}\ X\ Y) \to \Pi z : (\varepsilon_{\mathit{Type}}\ X)\ (\varepsilon_{\mathit{Type}}\ (Y\ z))$$
$$\varepsilon_{\mathit{Kind}}(\dot{\Pi}_{\langle \mathit{Type}, \mathit{Kind}, \mathit{Kind} \rangle}\ X\ Y) \to \Pi z : (\varepsilon_{\mathit{Type}}\ X)\ (\varepsilon_{\mathit{Kind}}\ (Y\ z))$$
$$\varepsilon_{\mathit{Type}}(\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Type}, \mathit{Type} \rangle}\ X\ Y) \to \Pi z : (\varepsilon_{\mathit{Kind}}\ X)\ (\varepsilon_{\mathit{Type}}\ (Y\ z))$$
$$\varepsilon_{\mathit{Kind}}(\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Kind}, \mathit{Kind} \rangle}\ X\ Y) \to \Pi z : (\varepsilon_{\mathit{Kind}}\ X)\ (\varepsilon_{\mathit{Kind}}\ (Y\ z))$$
4 Super-consistency

4.1 $\Pi$-algebras

The notion of $\Pi$-algebra is an adaptation to the $\lambda\Pi$-calculus of the notion of (trivial) pre-Heyting algebra.

Definition 4.1 ($\Pi$-algebra) A $\Pi$-algebra is formed with

• a set $\mathcal{B}$,

• an element $\tilde{\top}$ of $\mathcal{B}$,

• a subset $\mathcal{A}$ of $\wp(\mathcal{B})$,

• a function $\tilde{\Pi}$ from $\mathcal{B} \times \mathcal{A}$ to $\mathcal{B}$.

If $w$ and $w'$ are two elements of $\mathcal{B}$, we write $w\ \tilde{\to}\ w'$ for $\tilde{\Pi}(w, \{w'\})$.

Definition 4.2 (Full $\Pi$-algebra) A $\Pi$-algebra is full if $\mathcal{A} = \wp(\mathcal{B})$, that is if $\tilde{\Pi}$ is defined for all subsets of $\mathcal{B}$.

Definition 4.3 (Ordered, complete $\Pi$-algebra) A $\Pi$-algebra is ordered if it is equipped with an order relation $\sqsubseteq$ such that the operation $\tilde{\Pi}$ is left anti-monotonous and right monotonous with respect to $\sqsubseteq$, that is

• if $x \sqsubseteq y$, then for all $S$, $\tilde{\Pi}(y, S) \sqsubseteq \tilde{\Pi}(x, S)$,

• if $S \sqsubseteq T$, then for all $x$, $\tilde{\Pi}(x, S) \sqsubseteq \tilde{\Pi}(x, T)$, where $S \sqsubseteq T$ is defined as: for all $y$ in $S$, there exists a $z$ in $T$ such that $y \sqsubseteq z$.

It is complete if every subset of $\mathcal{B}$ has a least upper bound for the relation $\sqsubseteq$.

4.2 Models valued in a $\Pi$-algebra $\mathcal{B}$

Definition 4.4 (Family of domains valued in a $\Pi$-algebra $\mathcal{B}$) Let $\mathcal{B} = \langle \mathcal{B}, \tilde{\top}, \wp(\mathcal{B}), \tilde{\Pi} \rangle$ be a full $\Pi$-algebra. A family of domains valued in $\mathcal{B}$ is a family $(\mathcal{M}_t)_t$ indexed by terms of the $\lambda\Pi$-calculus modulo theory, such that $\mathcal{M}_{\mathit{Kind}} = \mathcal{M}_{\mathit{Type}} = \mathcal{B}$.

Definition 4.5 (Valuation) Let $(\mathcal{M}_t)_t$ be a family of domains. Let $\Gamma = x_1 : A_1, \ldots, x_n : A_n$ be a well-formed context. A $\Gamma$-valuation onto $\mathcal{M}$ is a function mapping every variable $x_i$ to an element of $\mathcal{M}_{A_i}$.

Definition 4.6 (Model valued in a $\Pi$-algebra $\mathcal{B}$) A model is a function mapping each pair formed with a term $t$ of type $A$ in a context $\Gamma$ and a $\Gamma$-valuation onto $\mathcal{M}$ $\phi$ to an element $[\![t]\!]_\phi$ of $\mathcal{M}_A$, such that $[\![\mathit{Kind}]\!]_\phi = [\![\mathit{Type}]\!]_\phi = \tilde{\top}$, $[\![x]\!]_\phi = \phi x$, and $[\![\Pi x : C\ D]\!]_\phi = \tilde{\Pi}([\![C]\!]_\phi, \{[\![D]\!]_{\phi, x = c} \mid c \in \mathcal{M}_C\})$.

Definition 4.7 (Validity) A theory $\Sigma, \mathcal{R}$ is said to be valid in a model $\mathcal{M}$ if for all $A$ and $B$ such that $A \equiv_{\beta\mathcal{R}} B$, we have $\mathcal{M}_A = \mathcal{M}_B$ and $[\![A]\!]_\phi = [\![B]\!]_\phi$.

Definition 4.8 (Super-consistency) A theory $\Sigma, \mathcal{R}$ is said to be super-consistent if for every full, ordered and complete $\Pi$-algebra $\mathcal{B}$, there exists a model $\mathcal{M}$ valued in $\mathcal{B}$ such that $\Sigma, \mathcal{R}$ is valid in $\mathcal{M}$.

To define the notion of validity of a type (axiom) declared in $\Sigma$, we should, in supplement, add a pre-order relation $\leq$ on $\mathcal{B}$, with some compatibility conditions between $\tilde{\top}$, $\mathcal{A}$, $\tilde{\Pi}$, $\sqsubseteq$ and $\leq$, so that the validity of a type $A$ can be defined as $[\![A]\!]_\phi \geq \tilde{\top}$. As our main focus in this paper is proof termination, we leave this for future work and we implicitly consider that all types are valid in all models.

5 Super-consistency of the $\lambda\Pi$-calculus modulo Simple type theory and modulo the Calculus of constructions

5.1 Simple type theory

Let $\langle \mathcal{B}, \tilde{\top}, \wp(\mathcal{B}), \tilde{\Pi} \rangle$ be a full $\Pi$-algebra and $\{e\}$ be an arbitrary one-element set.

Definition 5.1 We define a family of sets $(\mathcal{M}_t)_t$ indexed by terms of the $\lambda\Pi$-calculus modulo theory as follows.

• $\mathcal{M}_{\mathit{Kind}} = \mathcal{M}_{\mathit{Type}} = \mathcal{M}_o = \mathcal{B}$,

• $\mathcal{M}_\iota = \mathcal{M}_\varepsilon = \mathcal{M}_{\Rightarrow} = \mathcal{M}_{\forall_A} = \mathcal{M}_x = \{e\}$,

• $\mathcal{M}_{\lambda x : C\ t} = \mathcal{M}_t$,

• $\mathcal{M}_{(t\ u)} = \mathcal{M}_t$,

• $\mathcal{M}_{\Pi x : C\ D}$ is the set of functions $f$ from $\mathcal{M}_C$ to $\mathcal{M}_D$, except if $\mathcal{M}_D = \{e\}$, in which case $\mathcal{M}_{\Pi x : C\ D} = \{e\}$.

Lemma 5.1 If $t$ does not contain any occurrence of $\mathit{Kind}$, $\mathit{Type}$, or $o$ then $\mathcal{M}_t = \{e\}$.

Proof. By induction on the structure of $t$.

Lemma 5.2 If $u$ does not contain any occurrence of $\mathit{Kind}$, $\mathit{Type}$, or $o$, then $\mathcal{M}_{(u/x)t} = \mathcal{M}_t$.

Proof. By induction on the structure of $t$. If $t = x$ then, by Lemma 5.1, $\mathcal{M}_{(u/x)t} = \mathcal{M}_u = \{e\} = \mathcal{M}_t$. If $t$ is $\mathit{Kind}$, $\mathit{Type}$, $\iota$, $o$, $\varepsilon$, $\Rightarrow$, $\forall_A$, or a variable different from $x$, then $x$ does not occur in $t$. If $t$ is an application, an abstraction, or a product, we use the induction hypothesis.

Lemma 5.3 (Conversion) If $t \equiv_{\beta\mathcal{R}} u$ then $\mathcal{M}_t = \mathcal{M}_u$.

Proof. If $t = ((\lambda x : C\ t')\ u')$, then $u'$ is an object and it does not contain any occurrence of $\mathit{Kind}$, $\mathit{Type}$, or $o$. By Lemma 5.2, $\mathcal{M}_{((\lambda x : C\ t')\ u')} = \mathcal{M}_{t'} = \mathcal{M}_{(u'/x)t'}$.

Then, as for all $v$, $\mathcal{M}_{(\varepsilon\ v)} = \mathcal{M}_\varepsilon = \{e\}$, and if $\mathcal{M}_D = \{e\}$, then $\mathcal{M}_{\Pi x : C\ D} = \{e\}$, we have $\mathcal{M}_{(\varepsilon\ C) \to (\varepsilon\ D)} = \{e\} = \mathcal{M}_{(\varepsilon\ (\Rightarrow C\ D))}$ and $\mathcal{M}_{\Pi x : C\ (\varepsilon\ (D\ x))} = \{e\} = \mathcal{M}_{(\varepsilon\ (\forall_C\ D))}$.

We prove, by induction on $t$, that if $t \to_{\beta\mathcal{R}} u$ then $\mathcal{M}_t = \mathcal{M}_u$ and we conclude with a simple induction on the structure of the derivation of $t \equiv_{\beta\mathcal{R}} u$.
Definition 5.2 Let $t$ be a term of type $A$ in a context $\Gamma$ or that is equal to $\mathit{Kind}$. Let $\phi$ be a $\Gamma$-valuation onto $\mathcal{M}$. The element $[\![t]\!]_\phi$ of $\mathcal{M}_A$ is defined as follows.

• $[\![\mathit{Kind}]\!]_\phi = [\![\mathit{Type}]\!]_\phi = [\![\iota]\!]_\phi = [\![o]\!]_\phi = \tilde{\top}$,

• $[\![x]\!]_\phi = \phi x$,

• $[\![\lambda x : C\ t]\!]_\phi$ is the function mapping $c$ in $\mathcal{M}_C$ to $[\![t]\!]_{\phi, x = c}$, except if for all $c$ in $\mathcal{M}_C$, $[\![t]\!]_{\phi, x = c} = e$, in which case $[\![\lambda x : C\ t]\!]_\phi = e$,

• $[\![(t\ u)]\!]_\phi = [\![t]\!]_\phi([\![u]\!]_\phi)$, except if $[\![t]\!]_\phi = e$, in which case $[\![(t\ u)]\!]_\phi = e$,

• $[\![\Pi x : C\ D]\!]_\phi = \tilde{\Pi}([\![C]\!]_\phi, \{[\![D]\!]_{\phi, x = c} \mid c \in \mathcal{M}_C\})$,

• $[\![\varepsilon]\!]_\phi$ is the identity on $\mathcal{B}$,

• $[\![\Rightarrow]\!]_\phi$ is the function mapping $w$ and $w'$ in $\mathcal{B}$ to $w\ \tilde{\to}\ w'$,

• $[\![\forall_C]\!]_\phi$ is the function mapping the function $f$ from $\mathcal{M}_C$ to $\mathcal{B}$ to the element $\tilde{\Pi}([\![C]\!]_\phi, \{f c \mid c \in \mathcal{M}_C\})$ of $\mathcal{B}$.

Lemma 5.4 (Substitution) $[\![(u/x)t]\!]_\phi = [\![t]\!]_{\phi + x = [\![u]\!]_\phi}$.

Proof. By induction over the structure of $t$.

Lemma 5.5 (Conversion) If $t \equiv_{\beta\mathcal{R}} u$ then $[\![t]\!]_\phi = [\![u]\!]_\phi$.

Proof. If $t = ((\lambda x : C\ t')\ u')$, then let $D$ be the type of $t'$; if $\mathcal{M}_D = \{e\}$ then $[\![((\lambda x : C\ t')\ u')]\!]_\phi = e = [\![(u'/x)t']\!]_\phi$. Otherwise $[\![((\lambda x : C\ t')\ u')]\!]_\phi = [\![t']\!]_{\phi, x = [\![u']\!]_\phi} = [\![(u'/x)t']\!]_\phi$.

Then $[\![\varepsilon(\Rightarrow t'\ u')]\!]_\phi = [\![t']\!]_\phi\ \tilde{\to}\ [\![u']\!]_\phi = [\![\varepsilon(t') \to \varepsilon(u')]\!]_\phi$ and $[\![\varepsilon(\forall_C\ t')]\!]_\phi = \tilde{\Pi}([\![C]\!]_\phi, \{[\![t']\!]_\phi\ c \mid c \in \mathcal{M}_C\}) = [\![\Pi y : C\ \varepsilon(t'\ y)]\!]_\phi$.

We prove, by induction on $t$, that if $t \to_{\beta\mathcal{R}} u$ then $[\![t]\!]_\phi = [\![u]\!]_\phi$ and we conclude with a simple induction on the structure of the derivation of $t \equiv_{\beta\mathcal{R}} u$.

5.2 The Calculus of constructions

In the model of Simple type theory, we had $\mathcal{M}_t = \{e\}$ for all objects $t$. This allowed us to define $\mathcal{M}_{(t\ u)}$ and $\mathcal{M}_{\lambda x : C\ t}$ as $\mathcal{M}_t$ and to validate $\beta$-reduction trivially. In the model built in this section, we need to take $\mathcal{M}_{\dot{\mathit{Type}}} = \mathcal{B}$ although $\dot{\mathit{Type}}$ is an object, as $\dot{\mathit{Type}} : U_{\mathit{Kind}} : \mathit{Type}$. Thus, we need to define $\mathcal{M}_{\lambda x : A\ t}$ as a function. This leads us to define first another family of domains $(\mathcal{N}_t)_t$ and to parametrize the definition of $\mathcal{M}_t$ itself by a valuation onto $\mathcal{N}$.

Let $\langle \mathcal{B}, \tilde{\top}, \wp(\mathcal{B}), \tilde{\Pi} \rangle$ be a full $\Pi$-algebra and $\{e\}$ be an arbitrary one-element set. Let $\mathcal{E}$ be a set containing $\mathcal{B}$ and $\{e\}$, and closed by function space and arbitrary unions. The existence of such a set can be proved with the replacement scheme.

Definition 5.3 We define a family $(\mathcal{N}_t)_t$, indexed by terms of the $\lambda\Pi$-calculus modulo theory as follows.

• $\mathcal{N}_{\mathit{Kind}} = \mathcal{N}_{\mathit{Type}} = \mathcal{N}_{U_{\mathit{Kind}}} = \mathcal{B}$,

• $\mathcal{N}_{U_{\mathit{Type}}} = \mathcal{N}_{\dot{\mathit{Type}}} = \mathcal{N}_{\varepsilon_{\mathit{Type}}} = \mathcal{N}_{\varepsilon_{\mathit{Kind}}} = \mathcal{N}_{\dot{\Pi}_{\langle \mathit{Type}, \mathit{Type}, \mathit{Type} \rangle}} = \mathcal{N}_{\dot{\Pi}_{\langle \mathit{Type}, \mathit{Kind}, \mathit{Kind} \rangle}} = \mathcal{N}_{\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Type}, \mathit{Type} \rangle}} = \mathcal{N}_{\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Kind}, \mathit{Kind} \rangle}} = \mathcal{N}_x = \{e\}$,

• $\mathcal{N}_{\lambda x : C\ t} = \mathcal{N}_t$,

• $\mathcal{N}_{(t\ u)} = \mathcal{N}_t$,

• $\mathcal{N}_{\Pi x : C\ D}$ is the set of functions $f$ from $\mathcal{N}_C$ to $\mathcal{N}_D$, except if $\mathcal{N}_D = \{e\}$, in which case $\mathcal{N}_{\Pi x : C\ D} = \{e\}$.

Lemma 5.6 If $t$ does not contain any occurrence of $\mathit{Kind}$, $\mathit{Type}$, or $U_{\mathit{Kind}}$, then $\mathcal{N}_t = \{e\}$.

Proof. By induction on the structure of $t$.

Lemma 5.7 If $u$ does not contain any occurrence of $\mathit{Kind}$, $\mathit{Type}$, or $U_{\mathit{Kind}}$, then $\mathcal{N}_{(u/x)t} = \mathcal{N}_t$.

Proof. By induction on the structure of $t$. If $t = x$ then, by Lemma 5.6, $\mathcal{N}_{(u/x)t} = \mathcal{N}_u = \{e\} = \mathcal{N}_t$. If $t$ is $\mathit{Kind}$, $\mathit{Type}$, $U_{\mathit{Kind}}$, $U_{\mathit{Type}}$, $\dot{\mathit{Type}}$, $\varepsilon_{\mathit{Kind}}$, $\varepsilon_{\mathit{Type}}$, $\dot{\Pi}_{\langle \mathit{Type}, \mathit{Type}, \mathit{Type} \rangle}$, $\dot{\Pi}_{\langle \mathit{Type}, \mathit{Kind}, \mathit{Kind} \rangle}$, $\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Type}, \mathit{Type} \rangle}$, $\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Kind}, \mathit{Kind} \rangle}$, or a variable different from $x$, then $x$ does not occur in $t$. If $t$ is an application, an abstraction, or a product, we use the induction hypothesis.

Lemma 5.8 (Conversion) If $t \equiv_{\beta\mathcal{R}} u$ then $\mathcal{N}_t = \mathcal{N}_u$.

Proof. If $t = ((\lambda x : C\ t')\ u')$, then $u'$ is an object and it does not contain any occurrence of $\mathit{Kind}$, $\mathit{Type}$, or $U_{\mathit{Kind}}$. By Lemma 5.7, $\mathcal{N}_{((\lambda x : C\ t')\ u')} = \mathcal{N}_{t'} = \mathcal{N}_{(u'/x)t'}$.

We have $\mathcal{N}_{(\varepsilon_{\mathit{Kind}}\ \dot{\mathit{Type}})} = \{e\} = \mathcal{N}_{U_{\mathit{Type}}}$.

Then, as for all $v$, $\mathcal{N}_{(\varepsilon_s\ v)} = \mathcal{N}_{\varepsilon_s} = \{e\}$, and if $\mathcal{N}_D = \{e\}$, then $\mathcal{N}_{\Pi x : C\ D} = \{e\}$, we have $\mathcal{N}_{\varepsilon_{s_2}(\dot{\Pi}_{\langle s_1, s_2, s_2 \rangle}\ C\ D)} = \{e\} = \mathcal{N}_{\Pi x : (\varepsilon_{s_1}\ C)\ (\varepsilon_{s_2}\ (D\ x))}$.

We prove, by induction on $t$, that if $t \to_{\beta\mathcal{R}} u$ then $\mathcal{N}_t = \mathcal{N}_u$ and we conclude with a simple induction on the structure of the derivation of $t \equiv_{\beta\mathcal{R}} u$.

Definition 5.4 We define a family $(\mathcal{M}_{t, \psi})_{t, \psi}$ indexed by terms of the $\lambda\Pi$-calculus modulo theory and $\Gamma$-valuations onto $\mathcal{N}$, in such a way that if $t$ has type $A$ in $\Gamma$, then $\mathcal{M}_{t, \psi}$ is an element of $\mathcal{N}_A$.

• $\mathcal{M}_{\mathit{Kind}, \psi} = \mathcal{M}_{\mathit{Type}, \psi} = \mathcal{M}_{U_{\mathit{Kind}}, \psi} = \mathcal{M}_{U_{\mathit{Type}}, \psi} = \mathcal{M}_{\dot{\mathit{Type}}, \psi} = \mathcal{B}$,

• $\mathcal{M}_{\varepsilon_{\mathit{Kind}}, \psi}$ is the identity on $\mathcal{E}$,

• $\mathcal{M}_{\varepsilon_{\mathit{Type}}, \psi}$ is the function from $\{e\}$ to $\mathcal{E}$ mapping $e$ to $\{e\}$,

• $\mathcal{M}_{x, \psi} = \psi x$,

• $\mathcal{M}_{\lambda x : C\ t, \psi}$ is the function mapping $c$ in $\mathcal{N}_C$ to $\mathcal{M}_{t, \psi + x = c}$, except if for all $c$ in $\mathcal{N}_C$, $\mathcal{M}_{t, \psi + x = c} = e$, in which case $\mathcal{M}_{\lambda x : C\ t, \psi} = e$,

• $\mathcal{M}_{(t\ u), \psi} = \mathcal{M}_{t, \psi}(\mathcal{M}_{u, \psi})$, except if $\mathcal{M}_{t, \psi} = e$, in which case $\mathcal{M}_{(t\ u), \psi} = e$,

• $\mathcal{M}_{\Pi x : C\ D, \psi}$ is the set of functions from $\mathcal{M}_{C, \psi}$ to $\bigcup_{c \in \mathcal{N}_C} \mathcal{M}_{D, \psi + x = c}$, except if $\bigcup_{c \in \mathcal{N}_C} \mathcal{M}_{D, \psi + x = c} = \{e\}$, in which case $\mathcal{M}_{\Pi x : C\ D, \psi} = \{e\}$,

• $\mathcal{M}_{\dot{\Pi}_{\langle \mathit{Type}, \mathit{Type}, \mathit{Type} \rangle}, \psi} = \mathcal{M}_{\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Type}, \mathit{Type} \rangle}, \psi} = e$,

• $\mathcal{M}_{\dot{\Pi}_{\langle \mathit{Type}, \mathit{Kind}, \mathit{Kind} \rangle}, \psi}$ is the function mapping $e$ and $h$ from $\{e\}$ to $\mathcal{E}$ to the set of functions from $\{e\}$ to $(h\ e)$,

• $\mathcal{M}_{\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Kind}, \mathit{Kind} \rangle}, \psi}$ is the function mapping $a$ in $\mathcal{E}$ and $h$ from $a$ to $\mathcal{E}$ to the set of functions from $a$ to $(h\ e)$.

Lemma 5.9 (Substitution) $\mathcal{M}_{(u/x)t, \psi} = \mathcal{M}_{t, \psi + x = \mathcal{M}_{u, \psi}}$.

Proof. By induction on the structure of $t$.

Lemma 5.10 (Conversion) If $t \equiv_{\beta\mathcal{R}} u$ then $\mathcal{M}_{t, \psi} = \mathcal{M}_{u, \psi}$.

Proof. The term $((\lambda x : C\ t')\ u')$ reduces to $(u'/x)t'$. Let $D$ be the type of $t'$. Both terms $((\lambda x : C\ t')\ u')$ and $(u'/x)t'$ have type $(u'/x)D$. If $\mathcal{N}_D = \{e\}$, then $\mathcal{M}_{((\lambda x : C\ t')\ u'), \psi} = e = \mathcal{M}_{(u'/x)t', \psi}$, otherwise $\mathcal{M}_{((\lambda x : C\ t')\ u'), \psi} = \mathcal{M}_{t', \psi + x = \mathcal{M}_{u', \psi}} = \mathcal{M}_{(u'/x)t', \psi}$.

We have $\mathcal{M}_{\varepsilon_{\mathit{Kind}}(\dot{\mathit{Type}}), \psi} = \mathcal{M}_{\varepsilon_{\mathit{Kind}}, \psi}(\mathcal{M}_{\dot{\mathit{Type}}, \psi}) = \mathcal{M}_{\dot{\mathit{Type}}, \psi} = \mathcal{B} = \mathcal{M}_{U_{\mathit{Type}}, \psi}$.

We have $\mathcal{M}_{\varepsilon_{\mathit{Kind}}(\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Kind}, \mathit{Kind} \rangle}\ C\ D), \psi} = \mathcal{M}_{\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Kind}, \mathit{Kind} \rangle}, \psi}\ \mathcal{M}_{C, \psi}\ \mathcal{M}_{D, \psi}$, which is the set of functions from $\mathcal{M}_{C, \psi}$ to $\mathcal{M}_{D, \psi}\ e$. And $\mathcal{M}_{\Pi x : (\varepsilon_{\mathit{Kind}}\ C)\ (\varepsilon_{\mathit{Kind}}\ (D\ x)), \psi}$ is the set of functions from $\mathcal{M}_{(\varepsilon_{\mathit{Kind}}\ C), \psi}$ to $\bigcup_{c \in \mathcal{N}_{(\varepsilon_{\mathit{Kind}}\ C)}} \mathcal{M}_{\varepsilon_{\mathit{Kind}}\ (D\ x), \psi + x = c}$, that is the set of functions from $\mathcal{M}_{C, \psi}$ to $\mathcal{M}_{(D\ x), \psi + x = e}$, that is the set of functions from $\mathcal{M}_{C, \psi}$ to $\mathcal{M}_{D, \psi}\ e$ as well.

We have $\mathcal{M}_{\varepsilon_{\mathit{Kind}}(\dot{\Pi}_{\langle \mathit{Type}, \mathit{Kind}, \mathit{Kind} \rangle}\ C\ D), \psi} = \mathcal{M}_{\dot{\Pi}_{\langle \mathit{Type}, \mathit{Kind}, \mathit{Kind} \rangle}, \psi}\ \mathcal{M}_{C, \psi}\ \mathcal{M}_{D, \psi}$, which is the set of functions from $\{e\}$ to $\mathcal{M}_{D, \psi}\ e$. And $\mathcal{M}_{\Pi x : (\varepsilon_{\mathit{Type}}\ C)\ (\varepsilon_{\mathit{Kind}}\ (D\ x)), \psi}$ is the set of functions from $\mathcal{M}_{(\varepsilon_{\mathit{Type}}\ C), \psi}$ to $\bigcup_{c \in \mathcal{N}_{(\varepsilon_{\mathit{Type}}\ C)}} \mathcal{M}_{\varepsilon_{\mathit{Kind}}\ (D\ x), \psi + x = c}$, that is the set of functions from $\{e\}$ to $\mathcal{M}_{(D\ x), \psi + x = e}$, that is the set of functions from $\{e\}$ to $\mathcal{M}_{D, \psi}\ e$ as well.

We have $\mathcal{M}_{\varepsilon_{\mathit{Type}}(\dot{\Pi}_{\langle s, \mathit{Type}, \mathit{Type} \rangle}\ C\ D), \psi} = \{e\}$ and, as $\bigcup_{c \in \mathcal{N}_{(\varepsilon_s\ C)}} \mathcal{M}_{\varepsilon_{\mathit{Type}}\ (D\ x), \psi + x = c} = \{e\}$, we have $\mathcal{M}_{\Pi x : (\varepsilon_s\ C)\ (\varepsilon_{\mathit{Type}}\ (D\ x)), \psi} = \{e\}$ as well.

We prove, by induction on $t$, that if $t \to_{\beta\mathcal{R}} u$ then $\mathcal{M}_{t, \psi} = \mathcal{M}_{u, \psi}$ and we conclude with a simple induction on the structure of the derivation of $t \equiv_{\beta\mathcal{R}} u$.

From now on, consider a fixed valuation $\psi$ onto $\mathcal{N}$ and write $\mathcal{M}_A$ for $\mathcal{M}_{A, \psi}$.

Definition 5.5 Let $t$ be a term of type $A$ in a context $\Gamma$ or that is equal to $\mathit{Kind}$. Let $\phi$ be a $\Gamma$-valuation onto $\mathcal{M}$. The element $[\![t]\!]_\phi$ of $\mathcal{M}_A$ is defined as follows.

• $[\![\mathit{Kind}]\!]_\phi = [\![\mathit{Type}]\!]_\phi = [\![U_{\mathit{Kind}}]\!]_\phi = [\![U_{\mathit{Type}}]\!]_\phi = [\![\dot{\mathit{Type}}]\!]_\phi = \tilde{\top}$,

• $[\![x]\!]_\phi = \phi x$,

• $[\![\lambda x : C\ t]\!]_\phi$ is the function mapping $c$ in $\mathcal{M}_C$ to $[\![t]\!]_{\phi, x = c}$, except if for all $c$ in $\mathcal{M}_C$, $[\![t]\!]_{\phi, x = c} = e$, in which case $[\![\lambda x : C\ t]\!]_\phi = e$ (note that $[\![t]\!]_{\phi, x = c}$ is in $\mathcal{M}_D$, that is $\mathcal{M}_{D, \psi}$, hence it is in $\bigcup_{c' \in \mathcal{N}_C} \mathcal{M}_{D, \psi + x = c'}$),

• $[\![(t\ u)]\!]_\phi = [\![t]\!]_\phi([\![u]\!]_\phi)$, except if $[\![t]\!]_\phi = e$, in which case $[\![(t\ u)]\!]_\phi = e$,

• $[\![\Pi x : C\ D]\!]_\phi = \tilde{\Pi}([\![C]\!]_\phi, \{[\![D]\!]_{\phi, x = c} \mid c \in \mathcal{M}_C\})$,

• $[\![\varepsilon_{\mathit{Type}}]\!]_\phi = [\![\varepsilon_{\mathit{Kind}}]\!]_\phi$ is the identity on $\mathcal{B}$,

• $[\![\dot{\Pi}_{\langle \mathit{Type}, \mathit{Type}, \mathit{Type} \rangle}]\!]_\phi = [\![\dot{\Pi}_{\langle \mathit{Type}, \mathit{Kind}, \mathit{Kind} \rangle}]\!]_\phi = [\![\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Type}, \mathit{Type} \rangle}]\!]_\phi = [\![\dot{\Pi}_{\langle \mathit{Kind}, \mathit{Kind}, \mathit{Kind} \rangle}]\!]_\phi$ is the function mapping an element $C$ in $\mathcal{B}$ and a function $f$ from some set $S$ in $\mathcal{E}$ to $\mathcal{B}$ to the element $\tilde{\Pi}(C, \{f s \mid s \in S\})$ of $\mathcal{B}$.

Lemma 5.11 (Substitution) $[\![(u/x)t]\!]_\phi = [\![t]\!]_{\phi + x = [\![u]\!]_\phi}$.

Proof. By induction over the structure of $t$.

Lemma 5.12 (Conversion) If $t \equiv_{\beta\mathcal{R}} u$ then $[\![t]\!]_\phi = [\![u]\!]_\phi$.

Proof. If $t = ((\lambda x : B\ t')\ u')$, then let $C$ be the type of $t'$; if $\mathcal{M}_C = \{e\}$ then $[\![((\lambda x : B\ t')\ u')]\!]_\phi = e = [\![(u'/x)t']\!]_\phi$, otherwise $[\![((\lambda x : B\ t')\ u')]\!]_\phi = [\![t']\!]_{\phi, x = [\![u']\!]_\phi} = [\![(u'/x)t']\!]_\phi$.

We have $[\![\varepsilon_{\mathit{Kind}}(\dot{\mathit{Type}})]\!]_\phi = \tilde{\top} = [\![U_{\mathit{Type}}]\!]_\phi$.

If $s_1 = \mathit{Kind}$, then $[\![\varepsilon_{s_2}(\dot{\Pi}_{\langle s_1, s_2, s_2 \rangle}\ C\ D)]\!]_\phi = \tilde{\Pi}([\![C]\!]_\phi, \{[\![D]\!]_\phi\ c \mid c \in \mathcal{M}_C\}) = [\![\Pi y : (\varepsilon_{s_1}\ C)\ (\varepsilon_{s_2}\ (D\ y))]\!]_\phi$.

If $s_1 = \mathit{Type}$, then $[\![\varepsilon_{s_2}(\dot{\Pi}_{\langle s_1, s_2, s_2 \rangle}\ C\ D)]\!]_\phi = \tilde{\Pi}([\![C]\!]_\phi, \{[\![D]\!]_\phi\ e\}) = [\![\Pi y : (\varepsilon_{s_1}\ C)\ (\varepsilon_{s_2}\ (D\ y))]\!]_\phi$.

We prove, by induction on $t$, that if $t \to_{\beta\mathcal{R}} u$ then $[\![t]\!]_\phi = [\![u]\!]_\phi$ and we conclude with a simple induction on the structure of the derivation of $t \equiv_{\beta\mathcal{R}} u$.

6 The termination of $\beta$-reduction in super-consistent theories

We now prove that proof-reduction terminates in the $\lambda\Pi$-calculus modulo a super-consistent theory such as Simple type theory or the Calculus of constructions. We use here the notion of reducibility candidate introduced by Girard [?]. Our definition, however, follows that of Parigot [?].

6.1 The candidates

Definition 6.1 (Operations on sets of terms) The set $\tilde{\top}$ is defined as the set of strongly terminating terms.

Let $C$ be a set of terms and $S$ be a set of sets of terms. The set $\tilde{\Pi}(C, S)$ is defined as the set of strongly terminating terms $t$ such that if $t \to_\beta^* \lambda x : A\ t'$ then for all $t''$ in $C$, and for all $D$ in $S$, $(t''/x)t' \in D$.

The main property of the operation $\tilde{\Pi}$ is expressed by the following Lemma.

Lemma 6.1 Let $C$ be a set of terms and $S$ be a set of sets of terms, $t_1$, $t_2$, and $u$ be terms such that $t_1 \in \tilde{\Pi}(C, S)$, $t_2 \in C$, and $(t_1\ t_2) \to_\beta u$, $n_1$ and $n_2$ be natural numbers such that $n_1$ is the maximum length of a reduction sequence issued from $t_1$, and $n_2$ is the maximum length of a reduction sequence issued from $t_2$, and $D$ be an element of $S$. Then, $u \in D$.

Proof. By induction on $n_1 + n_2$. If the reduction is at the root of the term, then $t_1$ has the form $\lambda x : A\ t'$ and $u = (t_2/x)t'$. By the definition of $\tilde{\Pi}(C, S)$, $u \in D$. Otherwise, the reduction takes place in $t_1$ or in $t_2$, and we apply the induction hypothesis.

Definition 6.2 (Candidates) Candidates are inductively defined by the three rules

• the set $\tilde{\top}$ of all strongly terminating terms is a candidate,

• if $C$ is a candidate and $S$ is a set of candidates, then $\tilde{\Pi}(C, S)$ is a candidate,

• if $S$ is a set of candidates, then $\bigcap S$ is a candidate.

We write $\mathcal{C}$ for the set of all candidates.

The $\Pi$-algebra $\langle \mathcal{C}, \tilde{\top}, \wp(\mathcal{C}), \tilde{\Pi} \rangle$ is full, it is ordered by the subset relation and complete for this order.

Lemma 6.2 (Termination) If $C$ is a candidate, then all the elements of $C$ strongly terminate.

Proof. By induction on the construction of $C$.

Lemma 6.3 (Variables) If $C$ is a candidate and $x$ is a variable, then $x \in C$.

Proof. By induction on the construction of $C$.

Lemma 6.4 (Closure by reduction) If $C$ is a candidate, $t \in C$, and $t \to_\beta^* t'$, then $t' \in C$.

Proof. By induction on the construction of $C$.

If $C = \tilde{\top}$, then as $t$ is an element of $C$, it strongly terminates, thus $t'$ strongly terminates, and $t' \in C$.

If $C = \tilde{\Pi}(D, S)$, then as $t$ is an element of $C$, it strongly terminates, thus $t'$ strongly terminates. If moreover $t' \to_\beta^* \lambda x : A\ t_1$, then $t \to_\beta^* \lambda x : A\ t_1$, and for all $u$ in $D$, and for all $E$ in $S$, $(u/x)t_1 \in E$. Thus, $t' \in C$.

If $C = \bigcap_i C_i$, then for all $i$, $t \in C_i$ and by induction hypothesis $t' \in C_i$. Thus, $t' \in C$.

Lemma 6.5 (Applications) Let $C$ be a candidate and $S$ be a set of candidates, $t_1$ and $t_2$ be terms such that $t_1 \in \tilde{\Pi}(C, S)$ and $t_2 \in C$, and $D$ be an element of $S$. Then $(t_1\ t_2) \in D$.

Proof. As $t_1 \in \tilde{\Pi}(C, S)$ and $t_2 \in C$, $t_1$ and $t_2$ strongly terminate. Let $n_1$ be the maximum length of a reduction sequence issued from $t_1$ and $n_2$ be the maximum length of a reduction sequence issued from $t_2$. By Lemma 6.1, all the one-step reducts of $(t_1\ t_2)$ are in $D$.

To conclude that $(t_1\ t_2)$ itself is in $D$, we prove, by induction on the construction of $D$, that if $D$ is a candidate and all the one-step reducts of the term $(t_1\ t_2)$ are in $D$, then $(t_1\ t_2)$ is in $D$.

• If $D = \tilde{\top}$, then as all the one-step reducts of the term $(t_1\ t_2)$ strongly terminate, the term $(t_1\ t_2)$ strongly terminates, and $(t_1\ t_2) \in D$.

• If $D = \tilde{\Pi}(C, S)$, then as all the one-step reducts of the term $(t_1\ t_2)$ strongly terminate, the term $(t_1\ t_2)$ strongly terminates. If moreover $(t_1\ t_2) \to_\beta^* \lambda x : A\ v$, then let $(t_1\ t_2) = u_1, u_2, \ldots, u_n = \lambda x : A\ v$ be a reduction sequence from $(t_1\ t_2)$ to $\lambda x : A\ v$. As $(t_1\ t_2)$ is an application and $\lambda x : A\ v$ is not, $n \geq 2$. Thus, $(t_1\ t_2) \to_\beta u_2 \to_\beta^* \lambda x : A\ v$. We have $u_2 \in D$ and $u_2 \to_\beta^* \lambda x : A\ v$, thus for all $w$ in $C$ and $F$ in $S$, $(w/x)v \in F$. Thus, $(t_1\ t_2) \in \tilde{\Pi}(C, S) = D$.

• If $D = \bigcap_i D_i$, then for all $i$, all the one-step reducts of $(t_1\ t_2)$ are in $D_i$, and, by induction hypothesis, $(t_1\ t_2) \in D_i$. Thus, $(t_1\ t_2) \in D$.
6.2 Termination

Consider a super-consistent theory $\Sigma, \mathcal{R}$. We want to prove that $\beta$-reduction terminates in the $\lambda\Pi$-calculus modulo this theory, while $\beta\mathcal{R}$-reduction may or may not terminate. As this theory is super-consistent, it has a model $\mathcal{M}$ valued in the $\Pi$-algebra $\langle \mathcal{C}, \tilde{\top}, \wp(\mathcal{C}), \tilde{\Pi} \rangle$. Consider this model.

If a term $t$ has type $B$ in some context $\Gamma$, then $B$ has type $\mathit{Type}$ in $\Gamma$, $B$ has type $\mathit{Kind}$ in $\Gamma$, or $B = \mathit{Kind}$. Thus, $[\![B]\!]_\phi$ is an element of $\mathcal{M}_{\mathit{Type}} = \mathcal{C}$, is an element of $\mathcal{M}_{\mathit{Kind}} = \mathcal{C}$, or $[\![B]\!]_\phi = \tilde{\top}$. In all these cases $[\![B]\!]_\phi$ is a candidate.

Lemma 6.6 Let $\Gamma = x_1 : A_1, \ldots, x_n : A_n$ be a context, $\phi$ be a $\Gamma$-valuation onto $\mathcal{M}$, $\sigma$ be a substitution mapping every $x_i$ to an element of $[\![A_i]\!]_\phi$ and $t$ a term of type $B$ in $\Gamma$. Then $\sigma t \in [\![B]\!]_\phi$.

Proof. By induction on the structure of $t$.

• If $t = \mathit{Type}$, then $B = \mathit{Kind}$, $[\![B]\!]_\phi = \tilde{\top}$ and $\sigma t = \mathit{Type} \in [\![B]\!]_\phi$.

• If $t = x$ is a variable, then by definition of $\sigma$, $\sigma t \in [\![B]\!]_\phi$.

• If $t = \Pi x : C\ D$, then $B = \mathit{Type}$ or $B = \mathit{Kind}$, and $[\![B]\!]_\phi = \tilde{\top}$, $\Gamma \vdash C : \mathit{Type}$ and $\Gamma, x : C \vdash D : \mathit{Type}$ or $\Gamma, x : C \vdash D : \mathit{Kind}$; by induction hypothesis $\sigma C \in [\![\mathit{Type}]\!]_\phi = \tilde{\top}$, that is $\sigma C$ strongly terminates, and $\sigma D \in [\![\mathit{Type}]\!]_\phi = \tilde{\top}$ or $\sigma D \in [\![\mathit{Kind}]\!]_\phi = \tilde{\top}$, that is $\sigma D$ strongly terminates. Thus, $\sigma(\Pi x : C\ D) = \Pi x : \sigma C\ \sigma D$ strongly terminates also and it is an element of $\tilde{\top} = [\![B]\!]_\phi$.

• If $t = \lambda x : C\ u$ where $u$ has type $D$, then $B = \Pi x : C\ D$ and $[\![B]\!]_\phi = [\![\Pi x : C\ D]\!]_\phi = \tilde{\Pi}([\![C]\!]_\phi, \{[\![D]\!]_{\phi, x = c} \mid c \in \mathcal{M}_C\})$ is the set of terms $s$ such that $s$ strongly terminates and if $s$ reduces to $\lambda x : E\ s_1$ then for all $s'$ in $[\![C]\!]_\phi$ and all $a$ in $\mathcal{M}_C$, $(s'/x)s_1$ is an element of $[\![D]\!]_{\phi, x = a}$.

We have $\sigma t = \lambda x : \sigma C\ \sigma u$; consider a reduction sequence issued from this term. This sequence can only reduce the terms $\sigma C$ and $\sigma u$. By induction hypothesis, the term $\sigma C$ is an element of $[\![\mathit{Type}]\!]_\phi = \tilde{\top}$ and the term $\sigma u$ is an element of $[\![D]\!]_\phi$, thus the reduction sequence is finite.

Furthermore, every reduct of $\sigma t$ has the form $\lambda x : C'\ v$ where $C'$ is a reduct of $\sigma C$ and $v$ is a reduct of $\sigma u$. Let $w$ be any term of $[\![C]\!]_\phi$ and $a$ be any element of $\mathcal{M}_C$; the term $(w/x)v$ can be obtained by reduction from $((w/x) \circ \sigma)u$. By induction hypothesis, the term $((w/x) \circ \sigma)u$ is an element of $[\![D]\!]_{\phi, x = a}$. Hence, by Lemma 6.4, the term $(w/x)v$ is an element of $[\![D]\!]_{\phi, x = a}$. Therefore, the term $\sigma(\lambda x : C\ u)$ is an element of $[\![B]\!]_\phi$.

• If the term $t$ has the form $(u_1\ u_2)$, then $u_1$ is a term of type $\Pi x : C\ D$, $u_2$ a term of type $C$ and $B = (u_2/x)D$. We have $\sigma t = (\sigma u_1\ \sigma u_2)$, and by induction hypothesis $\sigma u_1 \in [\![\Pi x : C\ D]\!]_\phi = \tilde{\Pi}([\![C]\!]_\phi, \{[\![D]\!]_{\phi + x = a} \mid a \in \mathcal{M}_C\})$ and $\sigma u_2 \in [\![C]\!]_\phi$. By Lemma 6.5, $(\sigma u_1\ \sigma u_2) \in [\![D]\!]_{\phi + x = [\![u_2]\!]_\phi} = [\![(u_2/x)D]\!]_\phi = [\![B]\!]_\phi$.

Theorem 6.1 Let $\Gamma$ be a context and $t$ be a term well-typed in $\Gamma$. Then $t$ strongly terminates.

Proof. Let $B$ be the type of $t$ in $\Gamma$, let $\phi$ be any $\Gamma$-valuation onto $\mathcal{M}$, and $\sigma$ be the substitution mapping every $x_i$ to itself. Note that, by Lemma 6.3, this variable is an element of $[\![A_i]\!]_\phi$. Then $t = \sigma t \in [\![B]\!]_\phi$. Hence it strongly terminates.
7 Consistency of the $\lambda\Pi$-calculus modulo Simple type theory and modulo the Calculus of constructions

Lemma 7.1 (Consistency of the $\lambda\Pi$-calculus modulo Simple type theory) In the context $x : o$ there is no term of type $\varepsilon(x)$.

Proof. Assume there exists a term $t$ of type $\varepsilon(x)$ in the context $x : o$ and let $t'$ be its $\beta$-normal form. The term $t'$ would have the form $(h\ u_1 \ldots u_n)$ for some constant or variable $h$. A case analysis shows that no constant or variable can yield a term of type $\varepsilon(x)$.

A similar argument applies to the $\lambda\Pi$-calculus modulo the Calculus of constructions with the context $x : U_{\mathit{Type}}$ and the type $\varepsilon_{\mathit{Type}}(x)$.

8 Termination of the $\beta\mathcal{R}$-reduction

We finally prove the termination of the $\beta\mathcal{R}$-reduction for Simple type theory and for the Calculus of constructions. The rules $\mathcal{R}$ of Simple type theory are

$$\varepsilon(\Rightarrow X\ Y) \to \varepsilon(X) \to \varepsilon(Y)$$
$$\varepsilon(\forall_A\ X) \to \Pi z : A\ \varepsilon(X\ z)$$

This set $\mathcal{R}$ of rewrite rules terminates, as each reduction step reduces the number of symbols $\Rightarrow$ and $\forall_A$ in the term. Then, $\mathcal{R}$-reduction can create $\beta$-redexes, but only $\beta$-redexes of the form $((\lambda x : A\ t)\ z)$ where $z$ is a variable. Thus, any term can be (weakly) $\beta\mathcal{R}$-reduced by $\beta$-reducing it first, then $\mathcal{R}$-reducing it, then $\beta$-reducing the trivial $\beta$-redexes created by the $\mathcal{R}$-reduction.

A similar argument applies to the Calculus of constructions.
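The reduction machinery of Definitions 2.1, 2.4 and 3.2, the $c \to c$ theory of Section 1.5 and the phased strategy just described can be exercised on concrete terms. The following Python program is an added example written for this page; it is not code from the paper or from Dedukti. It represents terms as tuples, implements capture-avoiding substitution, leftmost-outermost $\beta$- and $\mathcal{R}$-reduction with a step budget, the two rules of Simple type theory with $\forall$ instantiated at $A = \iota$ only, and a phased normaliser that alternates $\beta$-normalisation with single $\mathcal{R}$-steps. The constant names (`eps`, `imp`, `forall_iota`, `iota`, `c`) and the sample proposition built from a variable `p : iota -> o` are this example's own choices.

```python
# Added example, not from the paper: terms, substitution, beta- and R-reduction of the
# lambda-Pi-calculus modulo theory, the c -> c theory of Section 1.5 and the phased
# strategy of Section 8. Constant names are this example's own choice.
import itertools

def Var(x): return ('var', x)                     # variables and constants (Definition 2.1)
def Sort(s): return ('sort', s)                   # 'Type' or 'Kind'
def Pi(x, A, B): return ('pi', x, A, B)
def Lam(x, A, t): return ('lam', x, A, t)
def App(t, u): return ('app', t, u)
_counter = itertools.count()

def free_vars(t):
    if t[0] == 'var': return {t[1]}
    if t[0] == 'sort': return set()
    if t[0] == 'app': return free_vars(t[1]) | free_vars(t[2])
    _, x, A, body = t
    return free_vars(A) | (free_vars(body) - {x})

def subst(t, sigma):
    """Capture-avoiding simultaneous substitution; sigma maps variable names to terms."""
    if t[0] == 'var': return sigma.get(t[1], t)
    if t[0] == 'sort': return t
    if t[0] == 'app': return App(subst(t[1], sigma), subst(t[2], sigma))
    tag, x, A, body = t
    inner = {k: v for k, v in sigma.items() if k != x}
    if any(x in free_vars(v) for v in inner.values()):   # the binder would capture: rename it
        y = f"{x.split('#')[0]}#{next(_counter)}"
        inner[x] = Var(y)
        x = y
    return (tag, x, subst(A, sigma), subst(body, inner))

def canon(t, env=()):
    """Bound names become de Bruijn indices, so alpha-equivalent terms compare equal."""
    if t[0] == 'var': return ('bound', env.index(t[1])) if t[1] in env else t
    if t[0] == 'sort': return t
    if t[0] == 'app': return App(canon(t[1], env), canon(t[2], env))
    tag, x, A, body = t
    return (tag, '_', canon(A, env), canon(body, (x,) + env))

def match(pat, t, pvars, sigma):
    """First-order matching of a rule's left-hand side; pvars are the variables of its context."""
    if pat[0] == 'var' and pat[1] in pvars:
        if pat[1] in sigma: return canon(sigma[pat[1]]) == canon(t)
        sigma[pat[1]] = t
        return True
    if pat[0] != t[0]: return False
    if pat[0] == 'app':
        return match(pat[1], t[1], pvars, sigma) and match(pat[2], t[2], pvars, sigma)
    return pat == t           # constants and sorts; the left-hand sides used here bind nothing

def root_step(t, rules, beta=True):
    """One beta or R step at the root (Definitions 2.1 and 2.4), or None."""
    if beta and t[0] == 'app' and t[1][0] == 'lam':
        return subst(t[1][3], {t[1][1]: t[2]})
    for lhs, rhs, pvars in rules:
        sigma = {}
        if match(lhs, t, pvars, sigma): return subst(rhs, sigma)
    return None

def step(t, rules, beta=True):
    """Leftmost-outermost one-step reduction (subterm extension of beta R), or None."""
    r = root_step(t, rules, beta)
    if r is not None: return r
    for i in ((1, 2) if t[0] == 'app' else (2, 3) if t[0] in ('pi', 'lam') else ()):
        r = step(t[i], rules, beta)
        if r is not None: return t[:i] + (r,) + t[i + 1:]
    return None

def normalize(t, rules=(), beta=True, fuel=1000):
    """Reduce to normal form; returns (term, steps) or raises once `fuel` steps are exceeded."""
    n = 0
    while (r := step(t, rules, beta)) is not None:
        n += 1
        if n > fuel: raise RuntimeError('no normal form reached within fuel')
        t = r
    return t, n

def terminates(t, rules=(), fuel=200):
    """True iff reduction from t reaches a normal form within `fuel` steps."""
    try:
        normalize(t, rules, fuel=fuel)
        return True
    except RuntimeError:
        return False

def normalize_phased(t, rules, fuel=1000):
    """Section 8: beta-normalise, apply one R-step, beta-reduce the ((lambda x:A t) z)
    redexes it created, and repeat until no R-redex is left."""
    total = 0
    while True:
        t, n = normalize(t, (), fuel=fuel)
        total += n
        r = step(t, rules, beta=False)
        if r is None: return t, total
        t, total = r, total + 1

# Simple type theory (Definitions 3.1, 3.2) with the forall rule instantiated at A = iota.
eps, imp, forall_iota, iota = (Var(name) for name in ('eps', 'imp', 'forall_iota', 'iota'))
X, Y, z = Var('X'), Var('Y'), Var('z')
STT_RULES = [
    (App(eps, App(App(imp, X), Y)), Pi('z', App(eps, X), App(eps, Y)), {'X', 'Y'}),  # eps(X => Y)
    (App(eps, App(forall_iota, X)), Pi('z', iota, App(eps, App(X, z))), {'X'}),      # eps(forall X)
]
# Constructed input: eps(forall_iota (lambda x:iota. (p x) => (p x))) with a variable p : iota -> o.
p = Var('p')
DEMO = App(eps, App(forall_iota, Lam('x', iota, App(App(imp, App(p, Var('x'))), App(p, Var('x'))))))
EXPECTED = Pi('z', iota, Pi('w', App(eps, App(p, z)), App(eps, App(p, z))))  # Pi z:iota. eps(p z) -> eps(p z)
# The theory of Section 1.5: the single rule c -> c, whose R-reduction never stops.
c = Var('c')
LOOP_RULES = [(c, c, set())]
LOOP_DEMO = App(Lam('x', c, Var('x')), c)      # beta-reduces to c in one step
```

`normalize_phased(DEMO, STT_RULES)` takes three steps ($\mathcal{R}$, then the trivial $\beta$-redex $((\lambda x : \iota\ \ldots)\ z)$, then $\mathcal{R}$ again) and returns a term $\alpha$-equivalent to `EXPECTED`; the interleaved `normalize(DEMO, STT_RULES)` reaches the same normal form. For the $c \to c$ theory, `terminates(LOOP_DEMO)` is true under $\beta$ alone while `terminates(LOOP_DEMO, LOOP_RULES)` exhausts its budget, which is exactly the situation Section 1.5 describes: $\beta$ terminates, $\beta\mathcal{R}$ does not. The step budget is the practitioner's safeguard when the rewrite system of a theory is not known to terminate.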